W3C home > Mailing lists > Public > whatwg@whatwg.org > August 2009

[whatwg] Web Storage: apparent contradiction in spec

From: Brady Eidson <beidson@apple.com>
Date: Mon, 31 Aug 2009 11:19:47 -0700
Message-ID: <256E16E5-4025-486E-BD73-24645C7F5FDA@apple.com>

On Aug 31, 2009, at 11:12 AM, Jeremy Orlow wrote:

> On Mon, Aug 31, 2009 at 11:01 AM, Jens Alfke <snej at google.com> wrote:
>
> On Aug 31, 2009, at 3:11 AM, Ian Hickson wrote:
>
> We can't treat cookies and persistent storage differently, because
> otherwise we'll expose users to cookie resurrection attacks.  
> Maintaining
> the user's expectations of privacy is critical.
>
> The fact that local storage can be used as a type of super-cookie  
> doesn't mean the two are the same thing. Yes, obviously if I give a  
> website permission to put 50MB of stuff on my disk, it can use 1k of  
> that as a type of cookie if it wants. That's just one of many  
> reasons why user agents should require user approval for letting a  
> domain access local storage.
>
> That does not mean that the "Delete Cookies" menu command should  
> also delete local storage. Users often delete cookies to resolve  
> login issues (I've had to do this with Google websites several  
> times). Conflating the two can lead to disasters like "I told you to  
> delete my COOKIES! Not my EMAIL DRAFTS that I was trying to log in  
> to send!"
>
> Agreed.
>
> So I've removed the text that says that local storage could be user- 
> critical.
>
> That's going to come as a shock to developers who were planning to  
> use it for user-created data (whether drafts of content to be pushed  
> to the cloud, or strictly-local documents.) Without this, the safe  
> usage of local storage diminishes to a download cache.
>
> Yes, this is pretty disconcerting since there's been OVERWHELMING  
> support for LocalStorage being treated as user-critical on this  
> thread.

Thirded.

I will state again that I've been told face-to-face by multiple  
developers:  If there is a perception that Flash's LocalStorage is  
deemed more "user critical" and therefore "safer" than HTML5's  
LocalStorage, they'll continue to instantiate Flash instead of using  
the HTML5/WebStorage mechanism.  "Supercookies" will continue to exist  
in the Flash-ether and continue to be hidden from browser-view.

/me sheds a tear.

~Brady

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090831/ddd13de5/attachment.htm>
Received on Monday, 31 August 2009 11:19:47 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:16 UTC